Reddit hacked, in spite of SMS two-factor authentication

File photo: Reddit mascots are displayed at the headquarters in San Francisco, California, April 15, 2014. (REUTERS/Robert Galbraith)

Reddit on Wednesday reported a security breach. The good news? Probably nothing too big was stolen. The bad news? The attacker got past two-factor authentication.

During the mid-June break-in, the hacker accessed an old backup of Reddit user data, including hashed passwords, from 2007. The attacker also viewed logs of Reddit’s “e-mail digests,” which can link a user name to an e-mail address, if you provided one.

In other words, the breach seems to have exposed only e-mail address information for current users, and encrypted password data for longtime Reddit fans from more than a decade ago.

“The attacker does not get write access to Reddit systems; they have got read-only access to a number of systems that back up data, source code and other logs,” Reddit engineering’s KeyserSosa said in a post detailing the security incident.


Nevertheless, the breach is raising alarm bells in the IT security community, because the attacker pulled it off by breaking into employee accounts that were supposedly protected by two-factor authentication.

These accounts are configured to require not only a password when logging on, but also a special one-time passcode that would have been sent to the employee’s smartphone via text message.

“We have learned that SMS authentication is not as secure as we hope, and the main attack was via text message interception,” Reddit’s KeyserSosa said, without elaboration.

How does a hacker go about stealing text messages? It is not as difficult as you might think. In the past, cybercriminals have impersonated a victim to trick mobile providers into, in essence, giving them control of the person’s phone number. Hackers with technical expertise and the right hardware can also tamper with mobile technologies to collect text messages in the area, or temporarily spoof the person’s phone number.

Whatever the case may be, Reddit is using the security incident to encourage the public to switch to non-SMS-based two-factor authentication. This includes using your smartphone to generate the special one-time code via an app. Another solution is a hardware-based security key, which is what Google has done to stop phishing of its employees’ accounts.

If you don’t have two-factor authentication, it is a good idea to turn it on for your most important accounts, such as Facebook or your bank; it can usually be activated on the settings page. Even SMS verification is better than just protecting your account with a password.

For Reddit users who had their login information stolen in the breach, the website will reset passwords and message the affected users with tips on how they can protect themselves.

“Whether or not Reddit prompts you to change your password, think about whether you still use the same password that you used on Reddit 11 years ago on other sites today,” the site said.
